UK wants more secure products as ‘Hack Friday’ sales get under way

Apple’s decision to sue Israeli spyware maker NSO this week, over surveillance software it planted on iPhones, is one end of the spectrum of steps that deter hackers.

At the other end is creating hardware and software that can’t be hacked in the first place, and Apple can claim some success there. “Apple devices are the most secure consumer hardware on the market,” said Craig Federighi, Apple’s senior vice-president of software engineering. The company cited research that found other mobile platforms have 15 times more malware infections than iPhone, while less than 2 per cent of mobile malware targets iOS devices.

The UK government has now taken steps to make sure other manufacturers of connected gadgets up their game. The Product Security and Telecommunications Infrastructure Bill (PSTI), introduced to Parliament on Wednesday, will require manufacturers, importers and distributors of such products “meet tough new cyber security standards — with heavy fines for those who fail to comply”.

The new regulations would include a ban on easy-to-guess default passwords that come preloaded on devices, a requirement for full disclosure on planned security updates at point of sale and a duty to make it easy for security researchers and others to report the discovery of bugs.

The new regime will be overseen by a regulator, with the power to order a ban on the sale of products and to fine companies up to £10m or 4 per cent of their global turnover, as well as up to £20,000 a day in the case of an ongoing contravention.

Devices covered include smartphones, smart TVs, games consoles, security cameras, baby monitors, smart home hubs and appliances, voice-activated assistants, smart thermostats and wearable fitness trackers.

The growing range of connected, accessible products is certainly staggering. The consumer watchdog Which? labelled Black Friday as Hack Friday in a report last week. It found more than 1,800 smart tech products available for sale — including doorbells, wireless cameras, alarms and tablets — using apps with inadequate security protection that left users exposed to hackers or infringement of their data privacy.

The Internet of (Five) Things

1. US blacklists Chinese quantum computing companies 
The move, which makes it almost impossible for US companies to sell technologies to the listed companies, targeted a total of 27 entities, including 12 in China and two affiliated firms in Japan and Singapore. In addition to quantum computing, the list included companies in the semiconductor and aerospace industries.

2. SK Hynix hit by US tech-transfer pressure
US opposition to South Korean chipmaker SK Hynix’s plans to upgrade a plant in China is threatening the company’s competitiveness. Analysts say the latest machines, made by ASML of the Netherlands, must be installed within the next three years for SK Hynix to keep up with other global chipmakers, such as Samsung and Micron. Richard Waters’ Inside Business column this week looks at how Intel has been overtaken in stock market value by US rivals Nvidia and Qualcomm, with AMD also closing in.

3. Crypto’s Kazakh winter
A mass migration of crypto miners from China has contributed to three major power plants in Kazakhstan going into emergency shutdown last month. The national grid operator Kegoc has now warned it will start rationing power to the 50 crypto miners that are registered with the government.

4. Iniesta scores crypto own goal
As promotions of crypto exchanges and tokens in sport boom, Spain’s market regulator has had to warn one of the country’s football heroes over his apparent recommendation of Binance, without alerting followers on the risks. Andrés Iniesta, who scored the winning goal in Spain’s 2010 World Cup victory, posted Twitter pictures of himself using the exchange.

5. Why the race to harness nuclear fusion just sped up 
Scientists are on a 60-year mission to answer one of energy’s most complex problems: how to harness the power of the sun to generate clean, never-ending electricity on Earth. No group has been able to generate more energy from a fusion reaction than the system consumes. But now, scientists are optimistic.

Forwarded from Sifted — the European start-up week

Individual investors have long been a part of the start-up ecosystem, writing small cheques for very early-stage companies. But the big investments were left to the venture capital firms. This is all changing with the rise of the “solo GP”, with individuals raising $100m+ funds themselves and shaking up the world of start-ups and investing. The trend started in the US but is now making its way to Europe. The latest to break ranks and start a solo fund is former Lakestar partner Manu Gupta, who recently founded Blue Lion Capital, he confirmed to Sifted. While Gupta has a partner who will manage the operations side of the portfolio, Gupta will be the primary investment and fundraising brain.

Elsewhere in European start-ups this week, the collapse of the energy start-up Bulb is a blow to investors whose stakes had been worth tens of millions; new start-up Gelatex says it can make cultured meat 90 per cent cheaper; and Yababa, a grocery delivery company focused on multicultural produce, raised a $15.5m seed round following several other similar start-ups in recent weeks.

Tech tools — Links are back

It’s getting easier to link out from and see other social media services, reports Axios’s Sara Fischer, as they become more relaxed about the use of competing products by members. Twitter has finally ended the policy that forced users to click on Instagram links shared on Twitter in order to see pictures that were shared. The growth of the creator economy has also created pressure to allow link-in-bio and link-to-purchase features, according to The Information. In other examples, Bitly launched a “Link Launchpad” this month, a landing page that allows users to share multiple links from their social media profiles. And Linktree, a “link in bio” service, created an integration with Shopify storefronts.